RE: [twitter-dev] Announcing Twurl: OAuth-enabled curl for the Twitter API

[Dean Collins]

Great so you are moving before oauth 2 is finished. You guys are crazy. You’re making everyone change now and then change again in 3 months.

 

 

 

 

Cheers,

Dean

 

---

From: twitter-deve...@googlegroups.com [mailto:twitter-deve...@googlegroups.com] On Behalf Of Marcel Molina
Sent: Tuesday, April 20, 2010 3:13 PM
To: twitter-deve...@googlegroups.com; twitter-ap...@googlegroups.com
Subject: [twitter-dev] Announcing Twurl: OAuth-enabled curl for the Twitter API

 

We've announced that come June 2010, Basic Auth will no longer be supported via the Twitter API. All authenticated requests will be moving to OAuth (either version 1.0a or the emerging 2.0 spec). There are many benefits from this change. Aside from the obvious security improvements, having all requests be signed with OAuth gives us far better visibility into our traffic and allows us many more tools for controlling and limiting abuse. When we know and trust the origin of our traffic we can loosen the reigns a lot and trust by default. We've already made a move in this direction by automatically increasing rate limits for requests signed with OAuth made to the new versioned api.twitter.com host.

 

One of the often cited virtues of the Twitter API is its simplicity. All you have to do to poke around at the API is curl, for example, http://api.twitter.com/1/users/noradio.xml and you're off and running. When you require that OAuth be added to the mix, you risk losing the simplicity and low barrier to entry that curl affords you. We want to preserve this simplicity. So we've provided two tools to let you poke around at the API without having to fuss with all the extraneous details of OAuth. For those who want the ease of the web, we've already included an API console in our new developer portal at http://dev.twitter.com/console. And now today we're glad to make available the Twurl command line utility as open source software:

 

  http://github.com/marcel/twurl

 

If you already have RubyGems (http://rubygems.org/), you can install it with the gem command:

 

  sudo gem i twurl --source http://rubygems.org

 

If you don't have RubyGems but you have Rake (http://rake.rubyforge.org/), you can install it "from source". Check out the INSTALL file (http://github.com/marcel/twurl/blob/master/INSTALL).

 

Once you've got it installed, start off by checking out the README (http://github.com/marcel/twurl/blob/master/README) (you can always get the README by running 'twurl -T'):

 

+-------+

| Twurl |

+-------+

 

Twurl is like curl, but tailored specifically for the Twitter API.

It knows how to grant an access token to a client application for

a specified user and then sign all requests with that access token.

 

It also provides other development and debugging conveniences such

as defining aliases for common requests, as well as support for

multiple access tokens to easily switch between different client

applications and Twitter accounts.

 

+-----------------+

| Getting Started |

+-----------------+

 

The first thing you have to do is register an OAuth application

to get a consumer key and secret.

 

  http://dev.twitter.com/apps/new

 

When you have your consumer key and its secret you authorize

your Twitter account to make API requests with your consumer key

and secret.

 

  % twurl authorize --consumer-key the_key       \

                    --consumer-secret the_secret

 

This will return an URL that you should open up in your browser.

Authenticate to Twitter, and then enter the returned PIN back into

the terminal.  Assuming all that works well, you will beauthorized

to make requests with the API. Twurl will tell you as much.

 

If your consumer application has xAuth enabled, then you can use

a variant of the above

 

  % twurl authorize -u username -p password      \

                    --consumer-key the_key       \

                    --consumer-secret the_secret

 

And, again assuming your username, password, key and secret is

correct, will authorize you in one step.

 

+-----------------+

| Making Requests |

+-----------------+

 

The simplest request just requires that you specify the path you

want to request.

 

  % twurl /1/statuses/home_timeline.xml

 

Similar to curl, a GET request is performed by default.

 

You can implicitly perform a POST request by passing the -d option,

which specifies POST parameters.

 

  % twurl -d 'status=Testing twurl' /1/statuses/update.xml

 

You can explicitly specify what request method to perform with

the -X (or --request-method) option.

 

  % twurl -X DELETE /1/statuses/destroy/123456.xml

 

+------------------+

| Creating aliases |

+------------------+

 

  % twurl alias h /1/statuses/home_timeline.xml

 

You can then use "h" in place of the full path.

 

  % twurl h

 

Paths that require additional options such as request parameters for example can

be used with aliases the same as with full explicit paths, just as you might

expect.

 

  % twurl alias tweet /1/statuses/update.xml

  % twurl tweet -d "status=Aliases in twurl are convenient"

 

+-------------------------------+

| Changing your default profile |

+-------------------------------+

 

The first time you authorize a client application to make requests on behalf of your account, twurl stores your access token information in its .twurlrc file. Subsequent requests will use this profile as the default profile. You can use the 'accounts' subcommand to see what client applications have been authorized for what user names:

 

  % twurl accounts

  noradio

    HQsAGcBm5MQT4n6j7qVJw

    hhC7Koy2zRsTZvQh1hVlSA (default)

  testiverse

    guT9RsJbNQgVe6AwoY9BA

 

Notice that one of those consumer keys is marked as the default. To change the default use the 'set' subcommand, passing then either just the username, if it's unambiguous, or the username and consumer key pair if it isn't unambiguous:

 

  % twurl set default testiverse

  % twurl accounts

  noradio

    HQsAGcBm5MQT4n6j7qVJw

    hhC7Koy2zRsTZvQh1hVlSA

  testiverse

    guT9RsJbNQgVe6AwoY9BA (default)

 

  % twurl set default noradio HQsAGcBm5MQT4n6j7qVJw

  % twurl accounts

  noradio

    HQsAGcBm5MQT4n6j7qVJw (default)

    hhC7Koy2zRsTZvQh1hVlSA

  testiverse

    guT9RsJbNQgVe6AwoY9BA

 

+--------------+

| Contributors |

+--------------+

 

Marcel Molina <mar...@twitter.com> / @noradio

Raffi Krikorian <ra...@twitter.com> / @raffi

--
Marcel Molina
Twitter Platform Team
http://twitter.com/noradio

[Raffi Krikorian]

you don't have to implement oauth 2....  oauth 1.0a is the supported and recommended version for now.

--
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

[Marcel Molina]

[Jeffrey Greenberg]

I'm already a whitelisted app (Tweettronics.com) and do not want access downgraded. I'm concerned that switching to oauth and "registering" my app at dev might cause my whitelisting status to change.   Can you assure me that won't happen?

Thx

Sent from my iPhone

[Thomas Woolway]

Whitelisting still overrides oAuth rate limit. If you are whitelisted, you'll get 20,000 reqs/hour for your account, otherwise you'll get the default 350.

Tom

[Jaanus]

I can't get it to authorize.

my-mac:~ jaanus$ twurl authorize --consumer-key blabla --consumer-
secret blabla
You must authorize first

huh?

On Apr 20, 3:13 pm, Marcel Molina <mar...@twitter.com> wrote:
> We've announced that come June 2010, Basic Auth will no longer be supported
> via the Twitter API. All authenticated requests will be moving to OAuth
> (either version 1.0a or the emerging 2.0 spec). There are many benefits from
> this change. Aside from the obvious security improvements, having all
> requests be signed with OAuth gives us far better visibility into our
> traffic and allows us many more tools for controlling and limiting abuse.
> When we know and trust the origin of our traffic we can loosen the reigns a
> lot and trust by default. We've already made a move in this direction by
> automatically increasing rate limits for requests signed with OAuth made to
> the new versioned api.twitter.com host.
>
> One of the often cited virtues of the Twitter API is its simplicity. All you

> have to do to poke around at the API is curl, for example,http://api.twitter.com/1/users/noradio.xmland you're off and running. When

> you require that OAuth be added to the mix, you risk losing the simplicity
> and low barrier to entry that curl affords you. We want to preserve this
> simplicity. So we've provided two tools to let you poke around at the API
> without having to fuss with all the extraneous details of OAuth. For those
> who want the ease of the web, we've already included an API console in our

> new developer portal athttp://dev.twitter.com/console. And now today we're

> glad to make available the Twurl command line utility as open source
> software:
>
>  http://github.com/marcel/twurl
>
> If you already have RubyGems (http://rubygems.org/), you can install it with
> the gem command:
>

>   sudo gem i twurl --sourcehttp://rubygems.org

> --
> Subscription settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

[Marcel Molina]

There is a fix for this. In the meantime you can pass in the -u and -p (username & password) command line options and it will force the PIN work flow and you'll be able to authorize.

[Kartik]

Hi,

I installed RubyGems and did this

sudo gem i twurl --sourcehttp://rubygems.org

Then tried to use twurl but it gives a error :
twurl: command not found

Please tell me what am I missing ?
Also, how do we use twurl with PHP ? cURL can be used with the PHP
built in functions.

Kartik

On Apr 21, 12:13 am, Marcel Molina <mar...@twitter.com> wrote:
> We've announced that come June 2010, Basic Auth will no longer be supported
> via the Twitter API. All authenticated requests will be moving to OAuth
> (either version 1.0a or the emerging 2.0 spec). There are many benefits from
> this change. Aside from the obvious security improvements, having all
> requests be signed with OAuth gives us far better visibility into our
> traffic and allows us many more tools for controlling and limiting abuse.
> When we know and trust the origin of our traffic we can loosen the reigns a
> lot and trust by default. We've already made a move in this direction by
> automatically increasing rate limits for requests signed with OAuth made to
> the new versioned api.twitter.com host.
>
> One of the often cited virtues of the Twitter API is its simplicity. All you

> have to do to poke around at the API is curl, for example,http://api.twitter.com/1/users/noradio.xmland you're off and running. When

> you require that OAuth be added to the mix, you risk losing the simplicity
> and low barrier to entry that curl affords you. We want to preserve this
> simplicity. So we've provided two tools to let you poke around at the API
> without having to fuss with all the extraneous details of OAuth. For those
> who want the ease of the web, we've already included an API console in our

> new developer portal athttp://dev.twitter.com/console. And now today we're

> glad to make available the Twurl command line utility as open source
> software:
>
>  http://github.com/marcel/twurl
>
> If you already have RubyGems (http://rubygems.org/), you can install it with
> the gem command:
>

>   sudo gem i twurl --sourcehttp://rubygems.org

[Scott Schulz]

On Tue, Apr 20, 2010 at 3:13 PM, Marcel Molina <mar...@twitter.com> wrote:

> If you already have RubyGems (http://rubygems.org/), you can install it with
> the gem command:
>   sudo gem i twurl --source http://rubygems.org

After consulting with Raffi on another issue, I have registered an app
and am trying to use Twurl to get the necessary keys/tokens/whatever.
I've installed ruby, gems, etc, and install twurl via gem, but when I
run it, I get the following:

/usr/local/lib/ruby/gems/1.9.1/gems/twurl-0.6.1/lib/twurl/request_controller.rb:2:in
`<module:Twurl>': uninitialized constant
Twurl::AbstractCommandController (NameError)

Am I missing another gem? Other ideas?

Thank you,

SwS

[Nathaniel K Smith]

On Apr 26, 8:24 pm, Scott Schulz <swsch...@gmail.com> wrote:
> I've installed ruby, gems, etc, and install twurl via gem, but when I
> run it, I get the following:
>

> /usr/local/lib/ruby/gems/1.9.1/gems/twurl-0.6.1/lib/twurl/request_controlle r.rb:2:in

> `<module:Twurl>': uninitialized constant
> Twurl::AbstractCommandController (NameError)

I'm getting the same issue, both on Ubuntu 9.04 and 10.04, ruby1.8 and
ruby1.9.1.

nate

[Faried Nawaz]

Scott, Nate:

I got it to work with a minor adjustment on Ubuntu 10.04. I did

apt-get install rake rubygems libopenssl-ruby
gem install oauth
gem install rr
gem install require_all
git clone http://github.com/marcel/twurl.git
apply this diff: http://gist.github.com/400489
rake dist:gem
gem install pkg/twurl-*.gem

You're set.

[kuhkatz]

so i suppose i am doing things wrong.
i followed your instructions, but when i apply the diff, i get this:


$ patch -i twurldiff
patching file Rakefile
patching file twurl.rb
Hunk #1 FAILED at 4.
1 out of 1 hunk FAILED -- saving rejects to file twurl.rb.rej
patching file rcfile_test.rb
Hunk #1 FAILED at 138.
1 out of 1 hunk FAILED -- saving rejects to file rcfile_test.rb.rej


$ rake dist:gem
(in /home/lorth/twurl)
mkdir -p pkg
WARNING: description and summary are identical
Successfully built RubyGem
Name: twurl
Version: 0.6.1
File: twurl-0.6.1.gem
mv twurl-0.6.1.gem pkg/twurl-0.6.1.gem


installing the patched twurl works, but it still gives me the same
error as before.

this is the first time i am touching ruby, so i have a kinda hard time
figuring out whats going on. seems like twurls wants to load some
dependencies when the error occured, but i dont know how to fix this.
anyone have a clue?

[Faried Nawaz]

On May 15, 12:41 am, kuhkatz <kuhk...@googlemail.com> wrote:

> so i suppose i am doing things wrong.
> i followed your instructions, but when i apply the diff, i get this:
>
> $ patch -i twurldiff

Close. You can do either one of

patch -p 1 -i twurldiff

or

git apply twurldiff


Faried.

[Patrick Kennedy]

Hi, Faried -

I tried it too, since I have Linux 10.04, and it also has a problem at
the patching part, even provided your two ways to execute the diff.
I'm also new to Ruby stuff.

$ patch -i twurldiff

patching file Rakefile

Hunk #1 FAILED at 2.
Hunk #2 FAILED at 69.
2 out of 2 hunks FAILED -- saving rejects to file Rakefile.rej
patching file lib/twurl.rb

Hunk #1 FAILED at 4.

1 out of 1 hunk FAILED -- saving rejects to file lib/twurl.rb.rej
patching file test/rcfile_test.rb

Hunk #1 FAILED at 138.

1 out of 1 hunk FAILED -- saving rejects to file test/rcfile_test.rb.rej

Just feedback. Patrick

[Faried Nawaz]

I tested both "git apply patchfile" and "patch -p 1 -i patchfile"
separately before posting the commands, and they both worked for me.
Note that the git command doesn't produce any output, but does patch
the files.

If it still isn't working for you, you can always manually edit the
files. It's a small change.


Faried.

[Patrick Kennedy]

Faried -

I'm sure it mostly my new newness to Ruby; rake/make files are not my
strong area as well.

If it's fairly small changes, can you provide those changes?
Basically, why patch it - if I can just use a replacement file. But
since it's not provided yet, maybe you can demonstrate those tweaks?

Well, I'm not asking you to do something, if it's onerous to you - so,
absolutely no worries. But, then again, if it's trivial, it would be
cool to get working on the new Ubuntu. Otherwise my passion for
Twitter coding may slowly cool down - though, of course I love all
things Twitter - and I'm trying to get back into the coding of it.

~Patrick

[Faried Nawaz]

On May 15, 4:29 pm, Patrick Kennedy <kenned...@gmail.com> wrote:
> I'm sure it mostly my new newness to Ruby; rake/make files are not my
> strong area as well.

You're not stuck on a Ruby issue. Try the steps I listed on a new
repository. At the end, download the gist, and use "git apply
patchfile".

> If it's fairly small changes, can you provide those changes?

That's *exactly* what's in the gist: the changes I needed to make it
work.


Faried.

[kuhkatz]

tried the first approach,
gave me an error with lib/twurl.rb,
but with looking into the .rej and manually patching the file i
succeded, finally.

thanks for your help =)

[Patrick Kennedy]

I bet coffee and 10 seconds with either of you would fix my problem,
but no worries.

[kuhkatz]

someone of us might consider trying to help you if you could provide
further details on where exacly what goes wrong.
"doesnt work" is never a good way to call for help.

[Jef Poskanzer]

Twurl is just what I need, a command-line OAuth getter. Except it's
written in a language I don't have so it's useless to me.

Before turning off basic auth twitter needs to provide their own
official implementation of a CLI OAuth getter, written in plain old C.

[Faried Nawaz]

On May 17, 11:30 pm, Jef Poskanzer <jef.poskan...@gmail.com> wrote:
> Before turning off basic auth twitter needs to provide their own
> official implementation of a CLI OAuth getter, written in plain old C.

Maybe http://oauth.googlecode.com/svn/code/c/liboauth/ plus an xml
parser?

[Cameron Kaiser]

I don't want to jump too far with this, but I am working with Taylor and
Raffi to get TTYtter 1.1 in an acceptable form for public release (we are
having discussions about how to streamline the keys process in such a way
that's simpler for users, but still secure for Twitter).

That implementation is 100% pure Perl, and does not use any external
libraries. You're welcome to take a crack at it now if you like, but you
will need to generate your own app keys in its current state. E-mail me
off list if interested.

--
------------------------------------ personal: http://www.cameronkaiser.com/ --
Cameron Kaiser * Floodgap Systems * www.floodgap.com * cka...@floodgap.com
-- Why do we scoff at fortune tellers, yet listen to economists? --------------

[Zac Bowling]

I've been dealing with this myself. What I did was implement a new twitterrc format -- basically a config file in your user directory (~/.twitterrc) or in your /etc/ that has your own personal consumer and access token. I also store a version inside in the keychain on Mac.

I forked a version of twurl and updated all own my scripts to recognize the rc file and Mac keychain format and use it if it's detected. It makes it far less complicated to use command line tools.

It would be nice to standardize this or something maybe.

Zac Bowling
@zbowling

Sent from my iPad